Hello,

I've got a strange problem with a CentOS (as well as RHEL, btw) chrooted environment. First of all I created a simple directory with only the libs for the 'bash' and 'id' tools:

----
# chroot testcase/
bash-3.1# id
uid=0 gid=0 groups=0,1,2,3,4,6,10
----

Yes, I do not even have an /etc/ directory inside testcase/, but id shows groups from the _host_ root account.

I tried to create a full chroot with all the libs and tools based on debian testing, but got the same result:

# id
uid=0 gid=0 groups=0,1,2,3,4,6,10

but if I do

# ls /etc/shadow /etc/passwd /etc/group
/etc/group /etc/passwd /etc/shadow

then

# id
uid=0(root) gid=0(root) groups=0(root),1(daemon),2(bin),3(sys),4(adm),6(disk),10(uucp)

Argh, quite strange for me. I tried to use strace to identify where the problem is, and the only thing I found is a 530 error on read():

[cut]
open("/etc/group", O_RDONLY|0x80000) = -530
getgroups32(0, NULL) = 7
getgroups32(7, [0, 1, 2, 3, 4, 6, 10]) = 7
open("/etc/group", O_RDONLY|0x80000) = -530
open("/etc/group", O_RDONLY|0x80000) = -530
open("/etc/group", O_RDONLY|0x80000) = -530
open("/etc/group", O_RDONLY|0x80000) = -530
open("/etc/group", O_RDONLY|0x80000) = -530
open("/etc/group", O_RDONLY|0x80000) = -530
open("/etc/group", O_RDONLY|0x80000) = -530
write(1, "uid=0 gid=0 groups=0,1,2,3,4,6,1"..., 34) = 34
[cut]

530 is EIOCBRETRY according to errno.h, but, honestly, I do not know what it means or what I can do with it.

SELinux - disabled via /etc/selinux/config.

CentOS release 4.4 (Final), 2.6.9-67.ELsmp
as well as
Red Hat Enterprise Linux Server release 5.1 (Tikanga), 2.6.18-53.1.4.el5

Could anyone please explain what is going on and what I have done wrong?

Thanks a lot for your time and sorry for my English.

-- 
Maxim Soldatov
On Dec 17, 2007 9:47 AM, Maxim Soldatov <makc at makc.name> wrote:
> I've got strange problem with centos (as well as rhel btw) chrooted
> environment.

That's the behaviour that chroot is supposed to have.

> Yes, I even do not have /etc/ directory inside testcase/ , but id shows
> groups from the _host_ root account.

I see you saying "host" (as opposed to "guest"), but chroot is not a VM environment. When you chroot to a jail, your user id, group id, and additional groups will still be the same as they were before. They're inherited.

The issue with it showing the ids as numbers or names is that if the files in /etc/ are not present in the chroot, it won't be able to look them up, and then it will show the numbers only.

If you need some different ids, maybe you should su before/after chrooting. Or maybe what you need is actually a VM environment; in that case you should try Xen.

Regards,
Filipe
Filipe,

Thanks a lot for your reply.

On Mon, Dec 17, 2007 at 09:59:52AM -0500, Filipe Brandenburger wrote:
> On Dec 17, 2007 9:47 AM, Maxim Soldatov <makc at makc.name> wrote:
>
> That's the behaviour that chroot is supposed to have.

I do not think so. I've been using chroot for a while and on different systems, but this behavior is definitely strange (at least for me).

> I see you saying "host" (as opposed to "guest"), but chroot is not a VM
> environment. When you chroot to a jail, you user id, group id, and
> additional groups will be still the same as they were before. They're
> inherited.

Yes, you're right about inherited, my fault. So let's change this a little:

1. chroot
2. su -

Then I see that I have the chrooted uid/gid. This is correct. But the strangeness is in the following (after su - in the chroot):

# id
uid=0(root) gid=0(root) groups=0(root),11(wheel)

[ few minutes ]

# id
uid=0 gid=0 groups=0,11

# ls /etc/shadow /etc/group /etc/passwd
/etc/group /etc/passwd /etc/shadow

# id
uid=0(root) gid=0(root) groups=0(root),11(wheel)

If I run strace on id I see 530 on open():

open("/etc/group", O_RDONLY|0x80000) = -530
open("/etc/group", O_RDONLY|0x80000) = -530
open("/etc/group", O_RDONLY|0x80000) = -530
open("/etc/group", O_RDONLY|0x80000) = -530
open("/etc/group", O_RDONLY|0x80000) = -530
open("/etc/group", O_RDONLY|0x80000) = -530
open("/etc/group", O_RDONLY|0x80000) = -530

> The issue with it showing the id's as numbers or names is that if the files
> in /etc/ are not present in the chroot, it won't be able to look them up,
> then it will show the numbers only.
>
> If you need some different id's, maybe you should su before/after chrooting.
> Or maybe what you need is actually a VM environment, in that case you should
> try Xen.

Yes, I understand my mistake with su. Thank you for the explanation.

> Regards,
> Filipe

> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

-- 
Maxim Soldatov
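The mechanism Filipe describes, and that Maxim's before/after `id` output shows, can be seen in a few lines of C. The program below is an added example written for this thread, not code from either poster or from coreutils: it builds an id(1)-style line from the credentials the kernel reports (getuid/getgid/getgroups, which chroot(2) inherits unchanged) and decorates each number with a name only if it can be found in passwd/group-format text. Passing NULL for either database models a jail whose /etc/passwd or /etc/group cannot be opened, which is the condition behind the bare "uid=0 gid=0 groups=0,11" output. The gid of wheel (10) and the user "makc" in the constructed sample data are assumptions for illustration, not values from the thread.

```c
/* Added example: an id(1)-style line built from inherited credentials plus
 * name lookups that fall back to bare numbers when the database is missing. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Look up a numeric id in passwd/group style text ("name:x:ID:...").
 * Returns 1 and writes the name into out on success, 0 if db is NULL
 * (file unreadable, as in the jail) or the id is not listed. */
static int lookup_name(const char *db, unsigned long id, char *out, size_t outlen)
{
    if (db == NULL)
        return 0;
    const char *line = db;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        /* field 1 is the name, field 3 the numeric id */
        const char *c1 = memchr(line, ':', len);
        const char *c2 = c1 ? memchr(c1 + 1, ':', len - (size_t)(c1 + 1 - line)) : NULL;
        if (c1 && c2) {
            char *end;
            unsigned long v = strtoul(c2 + 1, &end, 10);
            if (end != c2 + 1 && (*end == ':' || *end == '\n' || *end == '\0') && v == id) {
                size_t n = (size_t)(c1 - line);
                if (n >= outlen) n = outlen - 1;
                memcpy(out, line, n);
                out[n] = '\0';
                return 1;
            }
        }
        line = eol ? eol + 1 : line + len;
    }
    return 0;
}

/* Append "ID" or "ID(name)" to buf, the same fallback id(1) uses. */
static void append_id(char *buf, size_t buflen, const char *db, unsigned long id)
{
    char name[64];
    size_t used = strlen(buf);
    if (lookup_name(db, id, name, sizeof name))
        snprintf(buf + used, buflen - used, "%lu(%s)", id, name);
    else
        snprintf(buf + used, buflen - used, "%lu", id);
}

/* Build the id(1) line from credentials and database text. Pass NULL for
 * pw_db / gr_db to model a chroot without /etc/passwd or /etc/group. */
void format_id_line(uid_t uid, gid_t gid, const gid_t *groups, int ngroups,
                    const char *pw_db, const char *gr_db, char *buf, size_t buflen)
{
    snprintf(buf, buflen, "uid=");
    append_id(buf, buflen, pw_db, uid);
    strncat(buf, " gid=", buflen - strlen(buf) - 1);
    append_id(buf, buflen, gr_db, gid);
    strncat(buf, " groups=", buflen - strlen(buf) - 1);
    for (int i = 0; i < ngroups; i++) {
        if (i > 0)
            strncat(buf, ",", buflen - strlen(buf) - 1);
        append_id(buf, buflen, gr_db, groups[i]);
    }
}

/* Read a whole file into a malloc'd string; NULL if it cannot be opened,
 * which is the failure the open("/etc/group") lines in the strace show. */
static char *slurp(const char *path)
{
    FILE *f = fopen(path, "r");
    if (!f) return NULL;
    size_t cap = 4096, len = 0, n;
    char *s = malloc(cap);
    while (s && (n = fread(s + len, 1, cap - len - 1, f)) > 0) {
        len += n;
        if (len + 1 >= cap) { cap *= 2; s = realloc(s, cap); }
    }
    if (s) s[len] = '\0';
    fclose(f);
    return s;
}

int main(void)
{
    /* Real credentials: exactly what a chroot'd process keeps. */
    gid_t groups[64];
    int n = getgroups(64, groups);
    if (n < 0) n = 0;
    /* Databases are resolved relative to the current root (the jail, if chrooted). */
    char *pw = slurp("/etc/passwd"), *gr = slurp("/etc/group");
    char line[1024];
    format_id_line(getuid(), getgid(), groups, n, pw, gr, line, sizeof line);
    puts(line);
    free(pw); free(gr);
    return 0;
}
```

Run it once outside and once inside a jail that lacks /etc/group: the uid, gid and group numbers are identical in both cases, and only the parenthesised names disappear, which is what Maxim's `ls` of the files before re-running `id` was really changing.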